Merge branch 'master' of github.com:pydanny/cookiecutter-django

docs/developing-locally.rst

@@ -9,20 +9,32 @@ The steps below will get you up and running with a local development environment
 * virtualenv
 * PostgreSQL
 
-First make sure to create and activate a virtualenv_, then open a terminal at the project root and install the os dependencies::
+First make sure to create and activate a virtualenv_.
 
-    $ sudo ./install_os_dependencies.sh install
+.. _virtualenv: http://docs.python-guide.org/en/latest/dev/virtualenvs/
 
 Then install the requirements for your local development::
 
     $ pip install -r requirements/local.txt
 
-.. _virtualenv: http://docs.python-guide.org/en/latest/dev/virtualenvs/
-
 Then, create a PostgreSQL database with the following command, where `[project_slug]` is what value you entered for your project's `project_slug`::
 
     $ createdb [project_slug]
 
+You can now run the usual Django ``migrate`` and ``runserver`` commands::
+
+    $ python manage.py migrate
+    $ python manage.py runserver
+
+At this point you can take a break from setup and start getting to know the files in the project. 
+
+But if you want to go further with setup, read on. 
+
+(Note: the following sections still need to be revised)
+
+Setting Up Env Vars for Production
+-----------------------------------
+    
 `Cookiecutter Django` uses the excellent `django-environ`_ package with its ``DATABASE_URL`` environment variable to simplify database configuration in your Django settings. Now all you have to do is rename env.example to .env and then compose a definition for ``DATABASE_URL`` as shown below and add it to the .env file:
 
 .. parsed-literal::
@@ -31,12 +43,8 @@ Then, create a PostgreSQL database with the following command, where `[project_s
 
 .. _django-environ: http://django-environ.readthedocs.io
 
-You can now run the usual Django ``migrate`` and ``runserver`` commands::
-
-    $ python manage.py migrate
-    $ python manage.py runserver
-
-**Setup your email backend**
+Setup your email backend
+-------------------------
 
 django-allauth sends an email to verify users (and superusers) after signup and login (if they are still not verified). To send email you need to `configure your email backend`_
 
@@ -85,5 +93,3 @@ The base app will now run as it would with the usual ``manage.py runserver`` but
 To get live reloading to work you'll probably need to install an `appropriate browser extension`_
 
 .. _appropriate browser extension: http://feedback.livereload.com/knowledgebase/articles/86242-how-do-i-install-and-use-the-browser-extensions-
-
-It's time to write the code!!!

docs/index.rst

@@ -14,7 +14,7 @@ Contents:
 .. toctree::
    :maxdepth: 2
 
-
+   my-favorite-cookie
    project-generation-options
    developing-locally
    developing-locally-docker

docs/my-favorite-cookie.rst

@@ -0,0 +1,100 @@
+************************************************
+Creating your first app with Cookiecutter-Django
+************************************************
+
+This tutorial will show you how to build a simple app using the `Cookiecutter Django <https://github.com/pydanny/cookiecutter-django>`_ templating system. We'll be building a cookie polling app to determine the most popular flavor of cookie. 
+
+Developers who have never used Django will learn the basics of creating a Django app; developers who are experienced with Django will learn how to set up a project within the Cookiecutter system. While many Django tutorials use the default SQLite database, Cookiecutter Django uses PostGres only, so we'll have you install and use that. 
+
+
+Dependencies
+============
+This tutorial was written on Windows 10 using `git bash <https://git-for-windows.github.io/>`_; alternate instructions for Mac OS and Linux will be provided when needed. Any Linux-style shell should work for the following commands. 
+
+You should have your preferred versions of `Python <https://www.python.org/downloads/>`_
+and `Django <https://www.djangoproject.com/download/>`_ installed. Use the latest stable versions if you have no preference. 
+
+You should have `Virtualenv <https://virtualenv.pypa.io/en/stable/>`_ and `Cookiecutter  <https://github.com/pydanny/cookiecutter-django/>`_ installed:
+
+.. code-block:: python
+
+    $ pip install virtualenv
+    $ pip install cookiecutter
+
+You should also have `PostgreSQL <https://www.postgresql.org/download/>`_ installed on your machine--just download and run the installer for your OS. The install menu will prompt you for a password, which you'll use when creating the project's database.
+
+
+Instructions
+============
+
+1. **Setup** -- how to set up a virtual environment
+2. **Cookiecutter** -- use Cookiecutter to initialize a project with your own customized information.
+3. **Building the App** -- creating the My Favorite Cookie application.
+
+============
+1. Setup
+============
+
+Virtual Environment
+"""""""""""""""""""
+
+Create a virtual environment for your project. Cookiecutter will install a bunch of dependencies for you automatically; using a virtualenv will prevent this from interfering with your other work.
+
+.. code-block:: python
+
+    $ virtualenv c:/.virtualenvs/cookie_polls
+
+Replace ``c:/.virtualenvs`` with the path to your own ``.virtualenvs`` folder.
+
+Activate the virtual environment by calling ``source`` on the ``activate`` shell script . On Windows you'll call this from the virtualenv's ``scripts`` folder:
+
+.. code-block:: python
+    
+    $  source /path/to/.virtualenvs/cookie_polls/scripts/activate
+
+On other operating systems, it'll be found in the ``bin`` folder. 
+
+.. code-block:: python
+    
+    $  source /path/to/.virtualenvs/cookie_polls/bin/activate
+
+You'll know the virtual environment is active because its name will appear in parentheses before the command prompt. When you're done with this project, you can leave the virtual environment with the ``deactivate`` command. 
+
+.. code-block:: python
+    
+    (cookie_polls)
+    $  deactivate
+  
+
+Now you're ready to create your project using Cookiecutter. 
+
+
+===============
+2. Cookiecutter 
+===============
+
+Django developers may be familiar with the ``startproject`` command, which initializes the directory structure and required files for a bare-bones Django project. While this is fine when you're just learning Django for the first time, it's not great for a real production app. Cookiecutter takes care of a lot of standard tasks for you, including installing software dependencies, setting up testing files, and including and organizing common libraries like Bootstrap and AngularJS. It also generates a software license and a README.
+
+Change directories into the folder where you want your project to live, and run ``cookiecutter`` followed by the URL of Cookiecutter's Github repo.
+
+.. code-block:: python
+
+    $ cd /my/project/folder
+    (cookie_polls)
+    my/project/folder  
+    $ cookiecutter https://github.com/pydanny/cookiecutter-django
+
+This will prompt you for a bunch of values specific to your project. Press "enter" without typing anything to use the default values, which are shown in [brackets] after the question. You can learn about all the different options `here, <http://cookiecutter-django.readthedocs.io/en/latest/project-generation-options.html>`_ but for now we'll use the defaults for everything but your name, your email, the project's name, and the project's description.
+
+.. code-block:: python
+
+     project_name [project_name]: My Favorite Cookie
+     project_slug [My_Favorite_Cookie]: 
+     author_name [Your Name]: Emily Cain
+     email [Your email]: contact@emcain.net
+     description [A short description of the project.]: Poll your friends to determine the most popular cookie. 
+
+Then hit "enter" to use the default values for everything else. 
+
+ 
+

{{cookiecutter.project_slug}}/config/settings/common.py

@@ -53,7 +53,7 @@ INSTALLED_APPS = DJANGO_APPS + THIRD_PARTY_APPS + LOCAL_APPS
 # MIDDLEWARE CONFIGURATION
 # ------------------------------------------------------------------------------
 MIDDLEWARE_CLASSES = (
-    # Make sure djangosecure.middleware.SecurityMiddleware is listed first
+    'django.middleware.security.SecurityMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
     'django.middleware.common.CommonMiddleware',
     'django.middleware.csrf.CsrfViewMiddleware',

{{cookiecutter.project_slug}}/config/settings/production.py

@@ -29,40 +29,26 @@ from .common import *  # noqa
 # Raises ImproperlyConfigured exception if DJANGO_SECRET_KEY not in os.environ
 SECRET_KEY = env('DJANGO_SECRET_KEY')
 
+
 # This ensures that Django will be able to detect a secure connection
 # properly on Heroku.
 SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
-
-# django-secure
-# ------------------------------------------------------------------------------
-INSTALLED_APPS += ('djangosecure', )
-{% if cookiecutter.use_sentry == 'y' -%}
+{%- if cookiecutter.use_sentry == 'y'-%}
 # raven sentry client
 # See https://docs.getsentry.com/hosted/clients/python/integrations/django/
 INSTALLED_APPS += ('raven.contrib.django.raven_compat', )
-{%- endif %}
-SECURITY_MIDDLEWARE = (
-    'djangosecure.middleware.SecurityMiddleware',
-)
-{% if cookiecutter.use_whitenoise == 'y' -%}
+{% endif %}
+{%- if cookiecutter.use_whitenoise == 'y' %}
 # Use Whitenoise to serve static files
 # See: https://whitenoise.readthedocs.io/
-WHITENOISE_MIDDLEWARE = (
-    'whitenoise.middleware.WhiteNoiseMiddleware',
-)
+WHITENOISE_MIDDLEWARE = ('whitenoise.middleware.WhiteNoiseMiddleware', )
 MIDDLEWARE_CLASSES = WHITENOISE_MIDDLEWARE + MIDDLEWARE_CLASSES
-{%- endif %}
-{% if cookiecutter.use_sentry == 'y' -%}
-RAVEN_MIDDLEWARE = (
-    'raven.contrib.django.raven_compat.middleware.SentryResponseErrorIdMiddleware',
-)
+{% endif %}
+{%- if cookiecutter.use_sentry == 'y' -%}
+RAVEN_MIDDLEWARE = ('raven.contrib.django.raven_compat.middleware.SentryResponseErrorIdMiddleware', )
 MIDDLEWARE_CLASSES = RAVEN_MIDDLEWARE + MIDDLEWARE_CLASSES
-{%- endif %}
-
-# Make sure djangosecure.middleware.SecurityMiddleware is listed first
-MIDDLEWARE_CLASSES = SECURITY_MIDDLEWARE + MIDDLEWARE_CLASSES
-
-{% if cookiecutter.use_opbeat == 'y' -%}
+{% endif %}
+{%- if cookiecutter.use_opbeat == 'y' -%}
 # opbeat integration
 # See https://opbeat.com/languages/django/
 INSTALLED_APPS += ('opbeat.contrib.django',)
@@ -74,7 +60,13 @@ OPBEAT = {
 MIDDLEWARE_CLASSES = (
     'opbeat.contrib.django.middleware.OpbeatAPMMiddleware',
 ) + MIDDLEWARE_CLASSES
-{%- endif %}
+{% endif %}
+
+# SECURITY CONFIGURATION
+# ------------------------------------------------------------------------------
+# See https://docs.djangoproject.com/en/1.9/ref/middleware/#module-django.middleware.security
+# and https://docs.djangoproject.com/ja/1.9/howto/deployment/checklist/#run-manage-py-check-deploy
+
 # set this to 60 seconds and then to 518400 when you can prove it works
 SECURE_HSTS_SECONDS = 60
 SECURE_HSTS_INCLUDE_SUBDOMAINS = env.bool(
@@ -82,9 +74,12 @@ SECURE_HSTS_INCLUDE_SUBDOMAINS = env.bool(
 SECURE_CONTENT_TYPE_NOSNIFF = env.bool(
     'DJANGO_SECURE_CONTENT_TYPE_NOSNIFF', default=True)
 SECURE_BROWSER_XSS_FILTER = True
-SESSION_COOKIE_SECURE = False
+SESSION_COOKIE_SECURE = True
 SESSION_COOKIE_HTTPONLY = True
 SECURE_SSL_REDIRECT = env.bool('DJANGO_SECURE_SSL_REDIRECT', default=True)
+CSRF_COOKIE_SECURE = True
+CSRF_COOKIE_HTTPONLY = True
+X_FRAME_OPTIONS = 'DENY'
 
 # SITE CONFIGURATION
 # ------------------------------------------------------------------------------
@@ -95,6 +90,7 @@ ALLOWED_HOSTS = env.list('DJANGO_ALLOWED_HOSTS', default=['{{cookiecutter.domain
 
 INSTALLED_APPS += ('gunicorn', )
 
+
 # STORAGE CONFIGURATION
 # ------------------------------------------------------------------------------
 # Uploaded Media Files

{{cookiecutter.project_slug}}/requirements/base.txt

@@ -11,7 +11,6 @@ django==1.9.6
 
 # Configuration
 django-environ==0.4.0
-django-secure==1.0.1
 {% if cookiecutter.use_whitenoise == 'y' -%}
 whitenoise==3.0
 {%- endif %}